
Regarding DNS in Windows Server 2003

Discussion in 'Windows Server System' started by simond, 2006/11/08.

  1. 2006/11/08
    simond

    simond Inactive Thread Starter

    Joined:
    2002/07/26
    Messages:
    77
    Likes Received:
    0
    Hi Guys,
    I need a bit of assistance with Windows Server 2003 DNS, please.
    I have been working on a lab at home, and I set up the local DNS to be mct.com.au; however, if I try to browse to the site www.mct.com.au, I'm unable to do so. Obviously, if I ping mct.com.au it points to the local DNS server, and not the external public DNS.

    The only way it works is by adding the public DNS to the host file. Is there an easier way of doing this?

    Thank you
     
  2. 2006/11/09
    simond

    Can someone assist me please? Much appreciated.
     


  4. 2006/11/09
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    This is a common problem with small networks. One of the DNS assumptions is that a domain name is unique. If on your local network, you create a DNS name-space that is the same as a name-space used on the internet you will have a problem unless you reconcile the two. The two options are:
    • Don't use your internet domain name as the primary domain for your local network. This is the solution I would recommend for most small business networks. The root domain name "local" is set aside specifically for local DNS name-spaces and therefore, it is usually good practice to use a domain name along the lines of companyname.local for your local domain.
    • Alternatively add host A records for all the resources that use your domain name on the internet. For example, if your domain is company.com and your ISP hosts your web pages on www.company.com, you'll need to add an A record for www pointing to the ISP webserver's IP address, on your local DNS server.
     
  5. 2006/11/09
    simond

    Thanks for the reply,
    If I decide to rename the DNS, does it mean that I have to rejoin the desktop machines onto the network again, and that it will recreate a new Windows profile when logging on?

    Regards,
     
  6. 2006/11/10
    ReggieB

    Ah! The fun and games of profiles. Don't you wish there was an easy way to say "this user will use this profile!".

    It is possible the profile will change and/or the PC will have to rejoin the network. In my experience, it doesn't take much for an XP or Win2000 machine to decide it should use a different profile. I think there is a good chance you'll have profile issues.

    However, I think a bigger issue is what changing the domain name will do to Active Directory. I'd recommend a good hunt round microsoft.com for articles on changing the network DNS name.

    Therefore, in your situation where you already have a working Win2003 network in place, I think I'd recommend the second of the two options I posted before. That is, create and maintain A host records for the external resources.
     
  7. 2006/11/10
    ReggieB

  8. 2006/11/10
    simond

    Hi ReggieB,
    Thanks for your replies. I think I'd prefer to go with A host records.
    If I add host records to the server, does it mean that the server is vulnerable to the outside world :) ?
     
  9. 2006/11/11
    ReggieB

    No. All that the DNS server does is return a name when you give it an IP address, and return an IP address when you give it a name.

    At the moment, when you request the IP address of your external resource (e.g. www.companyname.com), the DNS server doesn't have a record for that node name so it fails. The DNS is the authority for your domain and therefore will not go to an external DNS server to see if that has the name - why should it, it's meant to be the authoritative name resolver for the name space.

    Therefore you need to tell your server a mapping to the external resource. You add an A record. By doing this, all you are doing is telling the DNS server "When someone requests the IP address for this node, return this address." The DNS does not go out and talk to the remote resource. Therefore you are not opening an extra vulnerability. All you are doing is allowing computers on your network to match a DNS name to a specific IP address.

    The process then becomes: You attempt to open a connection to the remote resource via its DNS name. Your computer sends a call to your DNS server saying "What is the IP address for this DNS name". The DNS server then searches its database for matching names and finds the A record. It then returns the IP address you've entered into the A record. Your PC now has the IP address and can use that address to connect to the remote resource.
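
The behaviour described in the post above, modelled as an added example (not part of the original thread or any poster's code): an internal server that is authoritative for a zone answers in-zone names only from its own records, so every public name needs a matching A record that is kept in step with the public one. The zone name, node names and addresses are constructed placeholders, and `resolve_internal` and `audit` are hypothetical helper names.

```python
# Constructed sample data: zone name and addresses are placeholders
# chosen for this example, not values from the thread.
ZONE = "mycompany.com"
INTERNAL_A = {"dc1": "192.168.0.10", "www": "203.0.113.10"}
PUBLIC_A = {"www": "203.0.113.25", "mail": "203.0.113.40"}

FORWARDED = "forwarded to external DNS"


def resolve_internal(fqdn, zone=ZONE, records=INTERNAL_A):
    """Model the internal server: it answers names inside its own zone
    from local data only, and forwards everything else."""
    name = fqdn.rstrip(".").lower()
    if name == zone or name.endswith("." + zone):
        node = name[: -len(zone)].rstrip(".") or "@"
        return records.get(node)  # None models a "no such name" answer
    return FORWARDED


def audit(internal, public):
    """Compare the manually maintained internal A records with the
    public ones and report what internal clients would get wrong."""
    findings = []
    for node in sorted(public):
        if node not in internal:
            findings.append((node, "missing"))    # lookup fails internally
        elif internal[node] != public[node]:
            findings.append((node, "mismatch"))   # stale or deliberate override
    return findings


if __name__ == "__main__":
    for host in ("www", "mail"):
        print(host, "->", resolve_internal(f"{host}.{ZONE}"))
    print("www.example.org ->", resolve_internal("www.example.org"))
    for node, problem in audit(INTERNAL_A, PUBLIC_A):
        print(f"{node}.{ZONE}: {problem}")
```

A "mismatch" is worth reviewing rather than fixing blindly: it is either a record that went stale when the hosting provider changed address, or an internal override someone created on purpose.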
     
  10. 2006/11/13
    simond

    ReggieB,
    Thanks for the reply,
    I was wondering how I would tell the server to map to the external address in Windows Server 2003? Is it only a matter of right clicking on the forward lookup and creating a host record?

    Many Thanks
     
  11. 2006/11/13
    ReggieB

    Right click on the zone you want to add the A record to and select "New Host (A)". On the next screen that pops up enter the node name and the IP address in the appropriate fields.

    Note that name is the name specific to the node, so not the whole DNS name. If you are creating a host entry for www.mycompany.com in the mycompany.com zone, you enter a name of www, and the IP address of that network node.
     
  12. 2006/11/13
    simond

    Hi ReggieB,
    I added www and gave the IP address of the hosting server, but I was still not able to ping the website or browse to it.

    I tried restarting the server, same issue.

    Any idea? :confused:
     
  13. 2006/11/13
    ReggieB

  14. 2006/11/15
    simond

    ReggieB,
    It's working now ;)
    I have removed the host files and added the host files again, restarted the server, and could ping both the mail server and the website :)

    Thanks a lot.

    I have another question, please.

    When I get to the stage of entering the username and password it waits for 10 seconds and then I get an error message saying that the domain is unavailable; however, if I wait 15-20 seconds before logging on, it logs me on straight away.

    It only occurs when you first boot up the machine, and if I enter the username and password I get the domain is available, but it's working fine the 2nd attempt and logs me onto the domain very quickly.

    I don't know if it's a DNS issue, but it sounds like the machine isn't getting the IP address from the DHCP server quickly enough. What's your opinion please?

    Sorry for being ignorant
     
  15. 2006/11/24
    ReggieB

    Good news regarding sorting out your connection issue.

    Is your server set as the primary DNS server in your DHCP settings?
     
  16. 2006/11/26
    simond

    In the DHCP scope I have the DNS server as 192.168.168.254, which is the server itself.

    What's interesting is I was getting the error message every time I started up the machine; however, the message no longer appears since enabling 100mb full duplex on the network card, but now it sits there for 20-25 seconds and then it starts applying personal settings instantly. Seems that when it starts up it doesn't get the IP address from the DHCP server fast enough?

    If I log off and log on again, it logs me on straight away.
    It only occurs after boot :confused:

    Thanks
     
  17. 2006/11/28
    ReggieB

    To be honest, I don't know.

    It might be worth packet sniffing the connection and watching the BOOTP/DHCP packet exchange to see how quickly it is happening.

    However, there are a lot of other things starting up at boot. It could be another service that is taking a long time to start up, or even the network card drivers.

    I presume a trawl through the Event Viewer doesn't give any clue?
     
  18. 2006/11/28
    simond

    Hi ReggieB,
    I checked the system event and it gave me the following

    "Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00148510768D. The following error occurred:
    The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. "


    I cleared the system event and restarted the machine. I entered the username and password and it waited 30 seconds and then logged me on successfully. I then checked the system event and it gave the same event.

    I have two 2948G Cisco switches and they are unmanaged. I'm thinking of configuring one of the ports as portfast for testing reasons and trying to log on.


    Thanks
     
  19. 2006/11/28
    ReggieB

    OK - I did this google search, which gives a number of hits that you might like to work through.

    One caught my eye. It suggests that the problem can be related to your firewall or anti-virus program!

    Are you running a personal firewall on this PC, and if so which product? Which anti-virus product are you running on that PC?

    Other postings seem to indicate that the spanning tree algorithm might be the problem. However, if you are using unmanaged switches, I'd be surprised if you are using spanning tree. Do you know if you are using spanning tree? It's used to create redundant links in large networks.
     
  20. 2006/11/28
    ReggieB

  21. 2006/11/28
    simond

    Thanks for the articles,
    I don't think it's a firewall issue because it's happening to multiple machines.
    It could be due to an STP issue, or the port is in blocking state.

    I'm sure that STP is not being used, but I will enable one of the ports as port fast and see if the problem occurs.
    I also have a different brand of switches that I can try testing to see if it will cause the same issue.

    I found this article http://www.cisco.com/warp/public/473/12.html which really describes the symptoms I'm having
     
